ICD Brief 22.

12.12.2016. – 18.12.2016.

In a week characterized by expanding threats, we see increased multi-stakeholder resilience and response in banking, insurance and defense. We’ve linked headlines for the quickest read, followed by linked summaries.

USA

“When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk. His message was brief if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government. This article explores what happened after this and Russia ‘hacked’ the USA.”

“Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter.”

“CIA Director John Brennan told his workforce in an internal message that the CIA, Director of National Intelligence and FBI are on the same page regarding Russian hacking, according to multiple intelligence officials who have viewed the message. Multiple sources say the CIA director was responding in part to anger and frustration in the agency at charges — many from GOP lawmakers and President-elect Donald Trump — that the CIA was somehow politicizing intelligence and analysis regarding Russian hacking.”

“Cybersecurity is a top priority for program managers at Marine Corps Air Station (MCAS) Miramar who are designing an energy security microgrid. Since July 5, Miramar engineers have been working with Black & Veatch and Schneider Electric USA on a $19 million microgrid.”

“Yahoo late Wednesday disclosed a breach that took place in August 2013 that may have resulted in the theft of data associated with more than one billion user accounts. The latest breach is separate from a 500-million-account breach the company disclosed in September of this year. At the time, the 500-million-account breach, which took place in 2014, was believed to be the largest on record.”

“By picking retired Marine Gen. John Kelly as secretary of Homeland Security, President-elect Donald Trump has amplified concerns about DHS’s role in defending the nation in cyberspace under his administration. With the department’s new leaders expected to focus heavily on border and immigration security — and the incoming administration seemingly determined to unleash the capabilities of the military and the NSA in cyberspace — many insiders fret that cybersecurity will take a back seat at DHS.”

China

“China’s Communist Party may be on its way to inventing the real thing. It is planning what it calls a “social-credit system”. This aims to score not only the financial creditworthiness of citizens, as happens everywhere, but also their social and possibly political behaviour. It is not yet clear how extensive the system will be, nor whether it will work, nor how far it will withstand the criticism ranged against it in the state-controlled media. But an outline is complete and some of the building blocks are in place. The early signs are that China is starting on the most ambitious experiment in digital social control in the world.”

“In November 2016, the Cyberspace Administration of China (CAC) hosted the third “World Internet Conference,” in the ancient water town of Wuzhen, near Shanghai. The CAC is the organization that staffs the Central Leading Group for Internet Security and Informatization, which is chaired by President Xi Jinping and coordinates Chinese cyberspace policy across the government. This year’s conference was smaller than last year’s (1,600 vs. 2,000 participants), more focused and substantive, and generally more serious.”

Germany

“Germany’s cybersecurity authority, the Federal Office for Information Security (BSI), criticized Yahoo on Thursday for failing to adopt adequate encryption techniques to protect its users’ personal data. The BSI also advised German consumers to consider switching to alternatives for email after Yahoo disclosed a second data breach that raised fears Verizon might kill a deal to buy its core internet business.”

“On November 29, Bruno Kahl, the head of Germany’s federal intelligence agency, warned in an interview with the Süddeutsche Zeitung that Russia would attempt to use cyberattacks to manipulate that contest. The same week, German Chancellor Angela Merkel made clear that Russian cyberattacks had become part of everyday reality. “We have to learn to live with it,” she said. This article explores a cyber program for Berlin.”

Israel

“The debate over where “the Silicon Valley for cybersecurity” will be located is over. For some time now, the answer has been Tel Aviv. The Startup Nation has been producing new cybersecurity companies at a breathtaking speed. Boston, long a prospect in the race, seemingly has decided to settle for the consolation prize of being the preferred home from which to take Israeli startups public.”

NATO

“A senior NATO official has hailed a newly-signed agreement on cyber information sharing as a “key piece in the jigsaw” in the ongoing fight against cyber warfare. The agreement comes after President Obama accused Russia of a cyber attack on the recent U.S. elections and warned of threats of retaliation.”

Russia

“In the past decade the Russian government has mounted more than a dozen significant cyber attacks against foreign countries, sometimes to help or harm a specific political candidate, sometimes to sow chaos, but always to project Russian power. A chronology developed by NBC News from U.S. intelligence sources shows Russia was involved in the attacks described in the article.”

Saudi Arabia

“More than a year after a drowned Syrian toddler washed up on a beach in Turkey, the tiny refugee’s body, captured in a photograph that shocked the world, reappeared on computer screens across Saudi Arabia — this time as a prelude to a cyberattack. The strike last month disabled thousands of computers across multiple government ministries in Saudi Arabia, a rare use of offensive cyberweapons aimed at destroying computers and erasing data. The attackers, who haven’t claimed responsibility, used the same malware that was employed in a 2012 assault against Saudi Arabian Oil Co., known as Saudi Aramco, and which destroyed 35,000 computers within hours.”

UK

“The man responsible for Britain’s cyber defences says a suspected hacking campaign to influence the US election could inspire attacks on the UK. Ciaran Martin, chief executive of the National Cyber Security Centre, said it may have created “a perception that this is a successful model”. He said GCHQ took measures to protect the 2015 UK election against hacking.”

“Sector resilience plans set out the resilience of the UK’s most important infrastructure relevant to the relevant risks identified in the National Risk Assessment. Individual plans are classified, but the Cabinet Office publishes a summary of the plans. Government departments have lead responsibility for ensuring appropriate steps are taken within their sectors to improve protective security. They also lead to the identification of critical infrastructure within their sectors in consultation with Centre for the Protection of National Infrastructure and sector organisations.”

“Almost a third of the 235 graduates joining BAE Systems next year will be hired to work in the firm’s cyber security arm as digital threats to government and businesses soar. The blue-chip defence giant said the new emphasis in its graduate programme was prompted by an online survey it conducted with business heads, which found 57 percent said they had experienced a cyber-attack in the last year, despite believing the appropriate security controls were in place.”

Insurance

“Cyberinsurance is the fastest-growing insurance product in America, fueled by a slate of recent corporate and government hackings. Yahoo Inc. on Wednesday disclosed that an unauthorized third party stole data associated with more than one billion user accounts in 2013, the company’s second disclosure of a data theft this year. In October, a distributed denial-of-service attack left hundreds of websites unreachable, including Twitter Inc. and Netflix Inc. PricewaterhouseCoopers forecasts that the now roughly $3 billion corporate cyberinsurance market will grow to $7.5 billion in premiums by 2020, driven partly by rising prices.”

“Chubb announced on Tuesday that it has introduced Cyber COPE, a new model for underwriting cyber insurance that is intended to simplify and improve the assessment of both cyber and privacy risks. Authored by Ross Cohen, director of cyber/privacy services at Chubb, the advisory outlines how the COPE methodology – used by property underwriters for nearly 300 years – can be modified to measure cyber risk.”

“Cyber Insurance Market Report, published by Allied Market Research, forecasts that the global market is expected to garner $14 billion by 2022, registering a CAGR of nearly 28% during the period 2016-2022. North America constituted the largest cyber insurance market share in 2015 and it would continue to dominate the market during the forecast period. Growth in the region is supplemented by enforcement of data protection regulations in the U.S. Moreover, an increase in levels of liability and legislative developments accelerate the market growth.”

Feature

“If 2016 was the year hacking went mainstream, 2017 will be the year hackers innovate, said Adam Meyer, chief security strategist at SurfWatch Labs. Meyer analyzes large and diverse piles of data to help companies identify emerging cyber-threat trends. “2017 will be the year of increasingly creative [hacks],” he said. In the past, cybersecurity was considered the realm of IT departments, Meyer explained, but no longer. As smart companies systematically integrate security into their systems, the culture hackers too will evolve.”

“Steve Weiseman, an expert in preventing cyberscams and identity theft, a lawyer and professor at Bentley University, summarizes his predictions concerning cybersecurity for 2017 in 13 points. You thought 2016 was bad? Wait until you see 2017!”